
25 matches found

SUSE CVE
added 2026/05/16 1:11 a.m. · 7 views

SUSE CVE-2026-43906

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits 1 · References 3

Cvelist
added 2026/05/14 6:54 p.m. · 27 views

CVE-2026-43906 OpenImageIO: HEIF Heap overflow

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5 CVSS · 0.00015 EPSS
Exploits 1 · References 1

CVE
added 2026/05/14 6:54 p.m. · 15 views

CVE-2026-43906

OpenImageIO contains a heap-based buffer overflow in its HEIF decoder, allowing out-of-bounds writes via crafted images due to a subimage metadata mismatch. Affected versions are prior to 3.0.18.0 and 3.1.13.0, with memory corruption that could lead to code execution. The issue is fixed in 3.0.18...

8.5 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2026/05/14 6:54 p.m. · 7 views

CVE-2026-43906 OpenImageIO: HEIF Heap overflow

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits 1 · References 1

Positive Technologies
added 2026/05/14 12:0 a.m. · 10 views

PT-2026-41025

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits 1 · References 2

BDU FSTEC
added 2025/04/09 12:0 a.m. · 2 views

The vulnerability of the read_subimage_data function in the OpenImageIO image processing library allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the read_subimage_data function in the OpenImageIO image processing library is related to the copying of buffers without checking the input data. Exploiting this vulnerability could allow an attacker to gain access to confidential data, compromise its integrity, and even cause...

10 CVSS · 7.7 AI score · 0.15849 EPSS
Exploits 1 · References 8 · Affected Software 4

OSV
added 2024/07/15 8:15 p.m. · 1 views

DEBIAN-CVE-2024-40630

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

4.3 CVSS · 5.2 AI score · 0.00257 EPSS
Exploits 0 · References 1

OSV
added 2024/07/15 8:15 p.m. · 1 views

UBUNTU-CVE-2024-40630

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

4.3 CVSS · 5.7 AI score · 0.00257 EPSS
Exploits 0 · References 5

Positive Technologies
added 2024/07/15 12:0 a.m. · 2 views

PT-2024-28952 · Unknown +1 · Openimageio +1

Name of the Vulnerable Software and Affected Versions: OpenImageIO versions prior to 2.5.13.1
Description: The issue is related to a bug in the heif input functionality of OpenImageIO, specifically in the HeifInput::seek_subimage function. This bug can lead to an information disclosure issue,...

4.3 CVSS · 6.4 AI score · 0.00257 EPSS
Exploits 0 · References 15

OSV
added 2023/11/02 10:15 p.m. · 2 views

DEBIAN-CVE-2023-42299

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function...

9.8 CVSS · 9.1 AI score · 0.15849 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2023/11/02 10:15 p.m. · 1 views

CVE-2023-42299

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function...

9.8 CVSS · 6.2 AI score · 0.15849 EPSS
Exploits 1 · References 2

Cvelist
added 2023/11/02 12:0 a.m. · 11 views

CVE-2023-42299

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function...

9.9 AI score · 0.15849 EPSS
Exploits 1 · References 1

Debian CVE
added 2023/11/02 12:0 a.m. · 9 views

CVE-2023-42299

Buffer Overflow vulnerability in OpenImageIO oiio v.2.4.12.0 allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function...

9.8 CVSS · 9.7 AI score · 0.15849 EPSS
Exploits 1

OSV
added 2023/10/10 1:15 p.m. · 1 views

ALPINE-CVE-2023-43786

A vulnerability was found in libX11 due to an infinite loop within the PutSubImage function. This flaw allows a local user to consume all available system resources and cause a denial of service condition...

5.5 CVSS · 6.4 AI score · 0.00084 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/10/03 12:0 a.m. · 2 views

PT-2023-6112 · Libx11 +10 · Libx11 +10

Name of the Vulnerable Software and Affected Versions: libX11 affected versions not specified
Description: The issue is related to an infinite loop within the PutSubImage function of the libX11 library, which provides the client API for the X Window System. This flaw allows a local user to consum...

7.8 CVSS · 6.3 AI score · 0.001 EPSS
Exploits 1 · References 139

Positive Technologies
added 2023/05/15 12:0 a.m. · 2 views

PT-2023-28311 · Unknown +2 · Openimageio +2

Name of the Vulnerable Software and Affected Versions: OpenImageIO oiio version 2.4.12.0
Description: The issue allows a remote attacker to execute arbitrary code and cause a denial of service via the read_subimage_data function.
Recommendations: For OpenImageIO oiio version 2.4.12.0, consider...

10 CVSS · 9.6 AI score · 0.15849 EPSS
Exploits 1 · References 20

SUSE CVE
added 2023/02/15 6:10 a.m. · 2 views

SUSE CVE-2007-5378

Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is smaller than a subsequent subimage, which triggers...

4.3 CVSS · 7.2 AI score · 0.01415 EPSS
Exploits 0 · References 3

RedHat Linux
added 2020/04/16 10:8 a.m. · 1 views

Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method

The Mozilla Foundation Security Advisory describes this flaw as: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially...

7.5 CVSS · 7.3 AI score · 0.00537 EPSS
Exploits 0 · References 5

RedHat Linux
added 2020/04/16 10:6 a.m. · 2 views

Mozilla: Uninitialized memory could be read when using the WebGL copyTexSubImage method

The Mozilla Foundation Security Advisory describes this flaw as: When reading from areas partially or fully outside the source resource with WebGL's copyTexSubImage method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially...

7.5 CVSS · 7.3 AI score · 0.00537 EPSS
Exploits 0 · References 5

Zero Day Initiative
added 2010/04/02 12:0 a.m. · 30 views

Apple QuickTime FlashPix NumberOfTiles Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple QuickTime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists during the parsing of a...

10 CVSS · 3.6 AI score · 0.05778 EPSS
Exploits 5 · References 1